While reading about a few cryptographic systems, I noticed that we always assume the communication channel is not secured. Why is this assumption made? And, why the effort is being put into designing cryptographic systems rather than working on making these communication channels more secure? I know the question is basic, but really cannot find a complete answer.

I suppose because you need cryptography to make those channels secure. And you can't just create a mega-channel and say "this is secure, use this for encrypted communication", because a "secure channel" requires authentication of both parties, which is inherently an individual process.
–
ThomasFeb 21 '13 at 2:56

Additionally, if we can find ways of solving problems without having to rely on a secure channel, that's one fewer point of failure. What happens when our "secure" channel turns out not to be?
–
Stephen TousetFeb 21 '13 at 3:54

Mathematics in general and cryptology in particular is about getting strong conclusions from weak assumptions. Public key cryptography for example can convert an insecure channel from A to B into a secret one assuming there was an authentic channel from B to A before.
–
j.p.Feb 21 '13 at 8:43

3 Answers
3

The goal of cryptography is to create these secure communication channels. However, keep in mind that a secure channel is more than just an encrypted channel. A secure channel should be able to provide confidentiality (using encryption), data integrity (using something like signatures), and data authentication (using something like certificates, MACs). The goal of cryptography is to create these properties to make a "secure channel" out of an unsecured channel.

Note that some cryptosystems build on top of other types of channels. For instance, in public-key cryptography, you generally need to assume that you have access to a authenticated channel for key exchanges (which is a stronger assumption than a completely unsecured channel).

For public key cryptography you need at least a trusted certificate, and this has to be secured through a secure channel. In this case the secured channel could however be e.g. a browser installation. After that you don't need secure channels anymore.
–
Maarten BodewesFeb 21 '13 at 22:56

The point of the trusted certificate is to ensure that you are talking to who you think you're talking to. In other words, the point of this CA is to create an authentication channel to exchange keys. After the keys are exchange, the rest of the communication can occur over the fully unsecured channel.
–
OleksiFeb 22 '13 at 0:31

+1 although the second paragraph is still a bit vague to me - which is understandable given the question
–
Maarten BodewesFeb 22 '13 at 13:09

If you already had a secure channel, you wouldn't need any cryptography. So if you're reading about cryptographic systems, you're reading about how to make things secure. Now, if you want to make a secure communications channel, the first thing you need is a communications channel.

Any time you transmit information you have have to send it through some kind of medium ( air, wire, optical fiber, ect.). The medium can be tapped into at any point by an adversary and is thus considered insecure.